Been a while since last been on. So I have a new job working as a sys admin within a secure environment. I am looking to get work to pay for some training and am wanting opinions on Crest course vs Tiger Scheme.

I have been doing some studying on my own as per Dynamic's and Hayabusa advise and learning Python. (Not enough studying time now as have had a little lad) Hence the reason for looking at training courses.

I'm in a similar position to you - although I've moved out of the SysAdmin scene and into a security group.

I struggled for a while to get my company to pay for anything CREST related - partly because few of the training providers were recognised, and partly because they didn't want me to have a significant amount of time off (the OSCP takes a serious amount of time)

In the end I whittled it down to a couple of options:

1. The SANS SEC560 (which I took in the end). This has the benefit of having "Ethical Hacker" in the title, and it's from a big organisation.

2. The 7safe CSTA course

The major problem I found was that most of the courses are either way too easy (focusing on really basic fundimentals such as TCP/IP), or way too hard (Focusing on creating exploits) for a experienced SysAdmin.

UKSecurityGuy wrote:I'm in a similar position to you - although I've moved out of the SysAdmin scene and into a security group.

In the end I whittled it down to a couple of options:

1. The SANS SEC560 (which I took in the end). This has the benefit of having "Ethical Hacker" in the title, and it's from a big organisation.

2. The 7safe CSTA course

The major problem I found was that most of the courses are either way too easy (focusing on really basic fundimentals such as TCP/IP), or way too hard (Focusing on creating exploits) for a experienced SysAdmin.

So you would recommend the SANS SEC560 then?? I looked at Seven safe but discounted them as they don't seem to be very well known. The best advise I have had to progress my security career is to learn how everything works which I have been doing and also have gone through all the CEH course work(Not planning on sitting it).But its been an interesting learning curve but I want to know more......... Is that a bad thing?? the wife would think so :-)

I'm just about to finish the SANS SEC560 course - and my opinion of it is mixed.

On one hand, if you've never really done any hacking before, it's a good start, it gives you an pointer to the major tools in the industry, and gives a reasonable understanding of how those tools work.

On the other hand, if you've done a bit of hacking or security work as a SysAdmin, you'll feel bogged down with a lot of the 'basics'. If you've done a CCNA or MCSE you'll know what I mean - you're taught a lot of stuff that is nice to know, but really you'll never need to memorise it in the real world, you'd just look it up. As an example - knowing that its the "-L" option and not the "-l" option in Windows netcat to make it a persistant listener is useful to memorise, in real life you'd just have a quick 5 second google.

The course does have a reasonable amount of hands on exercises, but they feel rushed. The exam itself is all multiple-choice answers, there isn't any practical element to it, so you could in theory get away with just a paper-based cert without having actually touched any of the tools or broken into any systems.

Personally I went with the SEC560 purely because I wanted the certification rather than the training - but I wouldn't say the training was a waste of time at all, especically if you've done little security work previously.

I'm actually doing the on-demand version of the course, and I'd probably recommend that to anyone whos not doing ethical hacking as their day job. There is a lot of memorise in the course, and I don't think I could take in 5 days worth (such as at one of the conferences) and then pass the exam without already having a good deal of experience with the tools and techniques that they teach. In my case - I've been doing 5 hours a day, including making notes, attempting the exercises and using the tools in my own lab evironment, and I get through about 2 sections a day, and there are 23 sections, and I'm fairly familiar with the concepts, tools and techniques they teach.

So done the MCITP and CCNA along with security plus. So maybe its not for me.......

When I said sys admin i look after the environment and do ....... Checks on the environment. We also have vunerabilty scanners which point out things may have missed though to be fair there more patch orientated.

My goal for the rest of this year and next is to get some courses done aimed at pen/check testing and increase knowledge. Any quals on the way will be good but i am aiming to be at a level for the OSCP by the end of next year.

The SEC560 essentially is aimed at Operating System attacks, there is very little the CCNA would help with here.

My advice would be to spin up a test environment, and just poking and prodding it with information from the web/books.

Although Metasploit isn't allowed in the OSCP as far as I'm aware - its still a very useful tool to have in your toolkit, so it's worth getting to grips with it. Personally I've found it to be a little temperamental, so I prefer to perform the attacks I know manually, and there really is no replacement for experience.

What's your end goal out of all of this? To be a better SysAdmin, or to move into one of the Pen Testing companies doing CHECK tests?

UKSecurityGuy wrote:My advice would be to spin up a test environment, and just poking and prodding it with information from the web/books.

Already have a test environment set up and as you put it prod the hell out of it.

UKSecurityGuy wrote:Although Metasploit isn't allowed in the OSCP as far as I'm aware - its still a very useful tool to have in your toolkit, so it's worth getting to grips with it. Personally I've found it to be a little temperamental, so I prefer to perform the attacks I know manually, and there really is no replacement for experience.

What's your end goal out of all of this? To be a better SysAdmin, or to move into one of the Pen Testing companies doing CHECK tests?

Short term goal is to gain experience in current role doing pre-check tests. Long term goal is to get a pen testing gig. As you say and other also have said experience is key. So short term aim is to carry out the pre-check tests for current company and gain experience that way. That should hopefully give me the experience required to make me a half decent pen/check tester. Long way to go before I would see myself as a compitent one if ever. I say if ever as some of the guys on here are on a different planet never mind a different playing field. :-)

In my opinion - you can't be a good Pen Tester without first being a good SysAdmin. I see too many Pen Testers now-a-days going straight into the security field, without having any SysAdmin experience, and it really shows.

For example - I've seen Pen Testers who miss the really obvious stuff, because they've never managed a real-life network themselves, and so aren't looking for the common mis-configurations. I also see a lot of testers who can't make real-world recommendations about how to fix problems they find because they've never supported the kit before, and so all they can do is take stock recommendations and repeat them ad-nausium.